diff --git a/node/HttpClient.cpp b/node/HttpClient.cpp
index 15c01c446..d4e760182 100644
--- a/node/HttpClient.cpp
+++ b/node/HttpClient.cpp
@@ -48,6 +48,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
+#include <sys/wait.h>
 #endif
 
 namespace ZeroTier {
@@ -68,7 +69,6 @@ const std::map<std::string,std::string> HttpClient::NO_HEADERS;
 // Paths where "curl" may be found on the system
 #define NUM_CURL_PATHS 5
 static const char *CURL_PATHS[NUM_CURL_PATHS] = { "/usr/bin/curl","/bin/curl","/usr/local/bin/curl","/usr/sbin/curl","/sbin/curl" };
-static const std::string CURL_IN_HOME(ZT_DEFAULTS.defaultHomePath + "/curl");
 
 // Maximum message length
 #define CURL_MAX_MESSAGE_LENGTH (1024 * 1024 * 64)
@@ -102,10 +102,6 @@ public:
 				break;
 			}
 		}
-		if (!curlPath.length()) {
-			if (Utils::fileExists(CURL_IN_HOME.c_str()))
-				curlPath = CURL_IN_HOME;
-		}
 		if (!curlPath.length()) {
 			_handler(_arg,-1,_url,false,"unable to locate 'curl' binary in /usr/bin, /bin, /usr/local/bin, /usr/sbin, or /sbin");
 			delete this;
@@ -201,6 +197,19 @@ public:
 				}
 
 				if (waitpid(pid,&exitCode,WNOHANG) > 0) {
+					for(;;) {
+						// Drain output...
+						int n = (int)::read(curlStdout[0],buf,sizeof(buf));
+						if (n <= 0)
+							break;
+						else {
+							_body.append(buf,n);
+							if (_body.length() > CURL_MAX_MESSAGE_LENGTH) {
+								tooLong = true;
+								break;
+							}
+						}
+					}
 					pid = 0;
 					break;
 				}
diff --git a/node/Utils.cpp b/node/Utils.cpp
index 608de5937..c0886859d 100644
--- a/node/Utils.cpp
+++ b/node/Utils.cpp
@@ -151,7 +151,6 @@ unsigned int Utils::unhex(const char *hex,void *buf,unsigned int len)
 }
 
 unsigned int Utils::unhex(const char *hex,unsigned int hexlen,void *buf,unsigned int len)
-	throw()
 {
 	int n = 1;
 	unsigned char c,b = 0;
@@ -191,7 +190,7 @@ void Utils::getSecureRandom(void *buf,unsigned int bytes)
 
 	Mutex::Lock _l(randomLock);
 
-	// A Salsa20 instance is used to mangle whatever our base
+	// A Salsa20/8 instance is used to further mangle whatever our base
 	// random source happens to be.
 	if (!randInitialized) {
 		randInitialized = true;
@@ -208,7 +207,7 @@ void Utils::getSecureRandom(void *buf,unsigned int bytes)
 			{
 				int fd = ::open("/dev/urandom",O_RDONLY);
 				if (fd < 0) {
-					fprintf(stderr,"FATAL ERROR: unable to open /dev/urandom: %s"ZT_EOL_S,strerror(errno));
+					fprintf(stderr,"FATAL ERROR: unable to open /dev/urandom"ZT_EOL_S);
 					exit(-1);
 				}
 				if ((int)::read(fd,randbuf,sizeof(randbuf)) != (int)sizeof(randbuf)) {
@@ -220,17 +219,20 @@ void Utils::getSecureRandom(void *buf,unsigned int bytes)
 #else
 #ifdef __WINDOWS__
 			{
-				char ktmp[32];
-				char ivtmp[8];
-				for(int i=0;i<32;++i) ktmp[i] = (char)rand();
-				for(int i=0;i<8;++i) ivtmp[i] = (char)rand();
-				double now = Utils::nowf();
-				memcpy(ktmp,&now,sizeof(now));
-				DWORD tmp = GetCurrentProcessId();
-				memcpy(ktmp + sizeof(now),&tmp,sizeof(tmp));
-				tmp = GetTickCount();
-				memcpy(ktmp + sizeof(now) + sizeof(DWORD),&tmp,sizeof(tmp));
-				Salsa20 s20tmp(ktmp,256,ivtmp,8);
+				struct {
+					double nowf;
+					DWORD processId;
+					DWORD tickCount;
+					uint64_t nowi;
+					char padding[32];
+				} keyMaterial;
+				keyMaterial.nowf = Utils::nowf();
+				keyMaterial.processId = GetCurrentProcessId();
+				keyMaterial.tickCount = GetTickCount();
+				keyMaterial.nowi = Utils::now();
+				for(int i=0;i<sizeof(keyMaterial.padding);++i)
+					keyMaterial.padding[i] = (char)rand();
+				Salsa20 s20tmp(&keyMaterial,256,&(keyMaterial.nowi),8);
 				s20tmp.encrypt(randbuf,randbuf,sizeof(randbuf));
 			}
 #else
diff --git a/node/Utils.hpp b/node/Utils.hpp
index dfead0d16..5be60e157 100644
--- a/node/Utils.hpp
+++ b/node/Utils.hpp
@@ -106,7 +106,9 @@ public:
 	 * List a directory's contents
 	 * 
 	 * Keys in returned map are filenames only and don't include the leading
-	 * path. Pseudo-paths like . and .. are not returned.
+	 * path. Pseudo-paths like . and .. are not returned. Values are true if
+	 * the item is a directory, false if it's a file. More detailed attributes
+	 * aren't supported since the code that uses this doesn't need them.
 	 *
 	 * @param path Path to list
 	 * @return Map of entries and whether or not they are also directories (empty on failure)
@@ -114,6 +116,8 @@ public:
 	static std::map<std::string,bool> listDirectory(const char *path);
 
 	/**
+	 * Convert binary data to hexadecimal
+	 *
 	 * @param data Data to convert to hex
 	 * @param len Length of data
 	 * @return Hexadecimal string
@@ -122,6 +126,11 @@ public:
 	static inline std::string hex(const std::string &data) { return hex(data.data(),(unsigned int)data.length()); }
 
 	/**
+	 * Convert hexadecimal to binary data
+	 *
+	 * This ignores all non-hex characters, just stepping over them and
+	 * continuing. Upper and lower case are supported for letters a-f.
+	 *
 	 * @param hex Hexadecimal ASCII code (non-hex chars are ignored)
 	 * @return Binary data
 	 */
@@ -129,6 +138,11 @@ public:
 	static inline std::string unhex(const std::string &hex) { return unhex(hex.c_str()); }
 
 	/**
+	 * Convert hexadecimal to binary data
+	 *
+	 * This ignores all non-hex characters, just stepping over them and
+	 * continuing. Upper and lower case are supported for letters a-f.
+	 *
 	 * @param hex Hexadecimal ASCII
 	 * @param buf Buffer to fill
 	 * @param len Length of buffer
@@ -138,16 +152,25 @@ public:
 	static inline unsigned int unhex(const std::string &hex,void *buf,unsigned int len) { return unhex(hex.c_str(),buf,len); }
 
 	/**
+	 * Convert hexadecimal to binary data
+	 *
+	 * This ignores all non-hex characters, just stepping over them and
+	 * continuing. Upper and lower case are supported for letters a-f.
+	 *
 	 * @param hex Hexadecimal ASCII
 	 * @param hexlen Length of hex ASCII
 	 * @param buf Buffer to fill
 	 * @param len Length of buffer
 	 * @return Number of bytes actually written to buffer
 	 */
-	static unsigned int unhex(const char *hex,unsigned int hexlen,void *buf,unsigned int len)
-		throw();
+	static unsigned int unhex(const char *hex,unsigned int hexlen,void *buf,unsigned int len);
 
 	/**
+	 * Generate secure random bytes
+	 *
+	 * This will try to use whatever OS sources of entropy are available. It's
+	 * guarded by an internal mutex so it's thread-safe.
+	 *
 	 * @param buf Buffer to fill
 	 * @param bytes Number of random bytes to generate
 	 */